topos.mcp.security_findings

SECURE diagnostics surfaced by MCP tools.

topos.mcp.security_findings.security_findings(cpg, *, max_findings=20, allow=None)

Return concise dangerous-call and taint-flow diagnostics.

When allow is given, allowlisted patterns are excluded from the registry first. allow=None preserves canonical behavior.

topos.mcp.security_findings.dangerous_call_findings(cpg, *, max_findings=20, allow=None)

Find dangerous API call sites with source locations.

topos.mcp.security_findings.taint_flow_findings(cpg, *, max_findings=20, allow=None)

Find source-to-dangerous-sink DDG paths with source/sink snippets.